Systems and methods for intelligent data routing based on data type are provided. A proxy installed on a client device receives a data stream and scans the data stream for classification parameters associated with sensitive data. A data stream may be broken down, for example, into data packets, which are classified using known libraries containing characteristics of each classification and routed based on the applicable policies governing each classification. The routed data packets are constantly monitored and may be re-routed to a network designed to handle highly sensitive data, a network designed to handle data with high security risk, or to another applicable service infrastructure as needed, before reaching the intended recipient. The classification libraries may be updated based on the monitored data and on changes in the classification of a data packet.
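The classify, route, monitor and update loop described in the abstract can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the patterns, infrastructure names (`honeypot`, `secure_network`), `RISK_MARKERS` and the sample payloads are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

RISK_MARKERS = (b"document.cookie",)  # assumed honeypot risk test (constructed)
# Policy per classification: infrastructures to traverse before the recipient.
POLICIES = {"high_risk": ["honeypot"], "sensitive": ["secure_network"], "default": []}
# Constructed sample stream, already split into packet payloads.
SAMPLE = [b"GET /index.html", b"ssn=123-45-6789",
          b"<script>var id='123-45-6789'</script>",
          b"<script>x=document.cookie</script>", b"q=document.cookie"]

def new_library():
    # Classification parameters per label (constructed sample patterns).
    return {"high_risk": [re.compile(rb"(?i)<script\b")],
            "sensitive": [re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")]}

@dataclass
class Packet:
    payload: bytes
    classification: str = "default"
    path: list = field(default_factory=list)  # infrastructures visited, in order
    delivered: bool = False

def classify(payload, library):
    for label in ("high_risk", "sensitive"):  # most restrictive label wins
        if any(p.search(payload) for p in library[label]):
            return label
    return "default"

def route_stream(payloads, library=None):
    library = library if library is not None else new_library()
    routed = []
    for payload in payloads:
        pkt = Packet(payload, classify(payload, library))
        queue = list(POLICIES[pkt.classification])
        while queue:
            hop = queue.pop(0)
            pkt.path.append(hop)
            if hop != "honeypot":
                continue
            hits = [m for m in RISK_MARKERS if m in payload]
            if hits:  # meets the risk level: stay isolated, update the library
                library["high_risk"] += [re.compile(re.escape(m)) for m in hits]
                break
            # Below the risk level: reclassify and follow that policy instead.
            pkt.classification = classify(payload, {**library, "high_risk": []})
            queue = list(POLICIES[pkt.classification])
        else:  # every applicable policy satisfied
            pkt.delivered = True
            pkt.path.append("recipient")
        routed.append(pkt)
    return routed
```

The last sample packet is classified as high risk only because the library was updated by the packet before it; routed on its own with a fresh library, it is delivered as default traffic.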
Legal claims defining the scope of protection, as filed with the USPTO.
2. The method of claim 1, wherein classifying the first and the second data packets as sensitive includes separating the first and the second data packets from one or more other data packets in a data stream, wherein at least one of the other data packets in the data stream has a different classification.
3. The method of claim 2, further comprising routing the at least one of the other data packets in the data stream in accordance with different policies applicable to the different classification.
4. The method of claim 1, wherein routing the first and the second data packets includes routing the first and the second data packets to a honeypot.
5. The method of claim 4, further comprising identifying via the honeypot that the first and the second data packets do not meet a defined level of security risk, and further routing the first and the second data packets based on the identification that the first and the second data packets do not meet the defined level of security risk.
6. The method of claim 4, further comprising identifying via the honeypot that the first and the second data packets meet a defined level of security risk, and continuing to isolate the first and the second data packets via the honeypot based on the identification that the first and the second data packets meet the defined level of security risk.
7. The method of claim 1, wherein classifying the first and the second data packets is based on one or more libraries that store a plurality of parameters associated with the sensitive data.
8. The method of claim 1, wherein the first and the second data packets are routed from one service infrastructure governed by at least one of the policies to another service infrastructure governed by another one of the policies until the policies applicable to the sensitive classification are satisfied.
10. The system of claim 9, wherein the execution of the instruction by the processor further comprises separating the first and the second data packets from one or more other data packets in a data stream, wherein at least one of the other data packets in the data stream has a different classification.
11. The system of claim 10, wherein the proxy further routes the at least one of the other data packets in the data stream in accordance with different policies applicable to the different classification.
12. The system of claim 9, further comprising a honeypot device isolated from one or more devices in the communication network, wherein the proxy routes the first and the second data packets to the honeypot device.
13. The system of claim 12, wherein the honeypot device identifies that the first and the second data packets do not meet a defined level of security risk, and wherein the proxy routes the first and the second data packets based on the identification that the first and the second data packets do not meet the defined level of security risk.
14. The system of claim 12, wherein the honeypot device identifies that the first and the second data packets meet a defined level of security risk, and continues to isolate the first and the second data packets based on the identification that the first and the second data packets meet the defined level of security risk.
15. The system of claim 9, further comprising one or more libraries that store a plurality of parameters associated with the sensitive data, wherein the proxy classifies the first and the second data packets based on the one or more libraries.
16. The system of claim 9, wherein the proxy routes the first and the second data packets from one service infrastructure governed by at least one of the policies to another service infrastructure governed by another one of the policies until the policies applicable to the sensitive classification are satisfied.
18. The storage medium of claim 17, wherein classifying the first and the second data packets as sensitive includes separating the first and the second data packets from one or more other data packets in a data stream, wherein at least one of the other data packets in the data stream has a different classification.
19. The storage medium of claim 18, wherein the method comprises routing the at least one of the other data packets in the data stream in accordance with different policies applicable to the different classification.
20. The storage medium of claim 17, wherein routing the first and the second data packets includes routing the at least one data packet to a honeypot.
March 2, 2020
March 21, 2023